Description
brianleroux tiny-json-http version all versions since commit 9b8e74a232bba4701844e07bcba794173b0238a8 (Oct 29 2016) contains a Missing SSL certificate validation vulnerability in The libraries core functionality is affected. that can result in Exposes the user to man-in-the-middle attacks.
Remediation
References
https://github.com/brianleroux/tiny-json-http/pull/15
Related Vulnerabilities
CVE-2021-4040 Vulnerability in maven package org.apache.activemq:artemis-core-client
CVE-2017-1000244 Vulnerability in maven package org.jvnet.hudson.plugins:favorite
CVE-2016-6816 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2017-16190 Vulnerability in npm package dcdcdcdcdc
CVE-2020-5258 Vulnerability in maven package org.webjars.bowergithub.dojo:dojo